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DETAILED ACTION 

1 . Claims 1 - 22 are pending. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1 - 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Flowers et al. U.S. Patent No. (7,073,198) in view of Dahlstrom et al. U.S. PG- 
Publication No. (2004/0006704). 

4. As per claims 1,11 and 21 , Flowers teaches establishing a baseline identification 
of an operating system type and an operating system release level for the computer 
system that is compatible with a Threat Management Vector (TMV) (Flowers, Col. 4 
Lines 26 - 37) but fails to teach receiving a TMV including therein a first field that 
provides identification of at least one operating system type that is affected by a 
computer security threat, a second field that provides identification of an operating 
system release level for the operating system type and a third field that provides 
identification of a set of possible countermeasures for an operating system type and an 
operating system release level and processing countermeasures that are identified in 
the TMV if the TMV identifies the operating system type and operating system release 
level for the computer system as being affected by the computer security threat. 
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However, in an analogous art Dahlstrom teaches a TMV including therein a first field 
that provides identification of at least one operating system type that is affected by a 
computer security threat, a second field that provides identification of an operating 
system release level for the operating system type and a third field that provides 
identification of a set of possible countermeasures for an operating system type 
(Dahlstrom, Paragraph 0006) and an operating system release level and processing 
countermeasures that are identified in the TMV if the TMV identifies the operating 
system type and operating system release level for the computer system as being 
affected by the computer security threat (Dahlstrom, Paragraph 0042). 

At the time the invention was made, it would have been obvious to use 
Dahlstrom's system for determining security vulnerabilities with Flowers' method for 
detecting vulnerability in a network because it offers the advantage of properly having 
ways to fix detected vulnerabilities. 

5. As per claims 2 and 12, Flowers as modified teaches comprises receiving a TMV 
history file in response to installation, configuration or maintenance of the computer 
system (Dahlstrom, Paragraph 0018) and wherein the processing comprises processing 
countermeasures that are identified in the TMV history file (Dahlstrom, Paragraph 0006, 
record of fixes). 

6. As per claims 3 and 1 3, Flowers as modified teaches updating a threat 
management information base for the computer system to account for the 
countermeasures that are processed file (Dahlstrom, Paragraphs 0027 and 0036). 
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7. As per claims 4, 14 and 22, Flowers as modified teaches determining whether 
the TMV identifies the operating system type and operating system release level for the 
computer system as being affected by the computer security threat (Flowers, Col. 4 
Lines 26 - 37) adding at least one instance identifier to the TMV to account for multiple 
instances of the operating system running on the computer system, if the TMV identifies 
the operating system type and operating system release level for the computer system 
as being affected by the computer security threat (Flowers, Col. 4 Lines 26 - 37) and 
processing countermeasures that are identified in the TMV for the instance of the 
operating system type and operating system release level when the instance of the 
operating system type and operating system release level is instantiated in the 
computer system (Dahlstrom, Paragraph 0042). 

8. As per claims 5 and 15, Flowers as modified teaches the processing comprises 
installing and running the countermeasure (Dahlstrom, Paragraphs 0044 and 0042). 

9. As per claims 6 and 16, Flowers as modified teaches wherein the receiving 
comprises receiving a TMV including therein the first field that provides identification of 
at least one operating system type that is affected by a computer security threat, the 
second field that provides identification of an operating system release level for the 
operating system type, a fourth field that provides identification of at least one 
application program type that is affected by the computer security threat and a fifth field 
that provides identification of a release level for the application program type, the third 
field providing identification of a set of possible countermeasures for the application 
program type and the application program release level (Flowers, Col. 4 Lines 26 - 37, 
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identifies OS) and wherein the processing comprises processing countermeasures that 
are identified in the TMV if the TMV identifies the application program type and 
application program release level for the computer system as being affected by the 
computer security threat (Dahlstrom, Paragraph 0042, fixes). 

10. As per claims 7 and 17, Flowers as modified teaches determining whether the 
TMV identifies the application program type and application programming release level 
for the computer system as being affected by the computer security threat (Flowers, 
Col. 4 Lines 26 - 37, identifies OS), adding at least one instance identifier to the TMV to 
account for multiple instances of the application program running on the computer 
system if the TMV identifies the application program type and application program 
release level for the computer system as being affected by the computer security threat 
(Flowers, Col. 4 Lines 26 - 37) and processing countermeasures that are identified in 
the TMV for the instance of the application program type and application program 
release level when the instance of the application program type and application program 
release level is instantiated in the computer system (Dahlstrom, Paragraph 0042). 

11. As per claims 8 and 1 8, Flowers as modified teaches the set of possible 
countermeasures comprises an identification of a countermeasure mode of installation 
(Dahlstrom, Paragraphs 0044 and 0042). 

12. As per claims 9 and 19, Flowers as modified teaches the receiving comprises 
pruning at least some of the TMV to discard at least some of the TMV that is not needed 
for processing countermeasures (Dahlstrom, Paragraph 0027). 



Application/Control Number: 10/624,158 



Page 6 



Art Unit: 2134 

13. As per claims 10 and 20, Flowers as modified teaches the receiving comprises 
mutating the TMV that is received to a format that is compatible with processing 
countermeasures (Dahlstrom, Paragraph 0042). 



14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Roderick Tolentino whose telephone number is (571) 
272-2661. The examiner can normally be reached on 8:00am - 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Conclusion 
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